/*
 * chap-new.c - New CHAP implementation.
 *
 * Copyright (c) 2003 Paul Mackerras. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. The name(s) of the authors of this software must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission.
 *
 * 3. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by Paul Mackerras
 *     <paulus@samba.org>".
 *
 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "netif/ppp/ppp_opts.h"
#if PPP_SUPPORT && CHAP_SUPPORT  /* don't build if not configured for use in lwipopts.h */

#if 0 /* UNUSED */
#include <stdlib.h>
#include <string.h>
#endif /* UNUSED */

#include "netif/ppp/ppp_impl.h"

#if 0 /* UNUSED */
#include "session.h"
#endif /* UNUSED */

#include "netif/ppp/chap-new.h"
#include "netif/ppp/chap-md5.h"
#if MSCHAP_SUPPORT
#include "netif/ppp/chap_ms.h"
#endif
#include "netif/ppp/magic.h"

#if 0 /* UNUSED */
/* Hook for a plugin to validate CHAP challenge */
int (*chap_verify_hook)(const char *name, const char *ourname, int id,
                        const struct chap_digest_type *digest,
                        const unsigned char *challenge, const unsigned char *response,
                        char *message, int message_space) = NULL;
#endif /* UNUSED */

#if PPP_OPTIONS
/*
 * Command-line options.
 */
static option_t chap_option_list[] =
{
    {
        "chap-restart", o_int, &chap_timeout_time,
        "Set timeout for CHAP", OPT_PRIO
    },
    {
        "chap-max-challenge", o_int, &pcb->settings.chap_max_transmits,
        "Set max #xmits for challenge", OPT_PRIO
    },
    {
        "chap-interval", o_int, &pcb->settings.chap_rechallenge_time,
        "Set interval for rechallenge", OPT_PRIO
    },
    { NULL }
};
#endif /* PPP_OPTIONS */


/* Values for flags in chap_client_state and chap_server_state */
#define LOWERUP			1
#define AUTH_STARTED		2
#define AUTH_DONE		4
#define AUTH_FAILED		8
#define TIMEOUT_PENDING		0x10
#define CHALLENGE_VALID		0x20

/*
 * Prototypes.
 */
static void chap_init(ppp_pcb *pcb);
static void chap_lowerup(ppp_pcb *pcb);
static void chap_lowerdown(ppp_pcb *pcb);
#if PPP_SERVER
static void chap_timeout(void *arg);
static void chap_generate_challenge(ppp_pcb *pcb);
static void chap_handle_response(ppp_pcb *pcb, int code,
                                 unsigned char *pkt, int len);
static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
                                const struct chap_digest_type *digest,
                                const unsigned char *challenge, const unsigned char *response,
                                char *message, int message_space);
#endif /* PPP_SERVER */
static void chap_respond(ppp_pcb *pcb, int id,
                         unsigned char *pkt, int len);
static void chap_handle_status(ppp_pcb *pcb, int code, int id,
                               unsigned char *pkt, int len);
static void chap_protrej(ppp_pcb *pcb);
static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen);
#if PRINTPKT_SUPPORT
static int chap_print_pkt(const unsigned char *p, int plen,
                          void (*printer) (void *, const char *, ...), void *arg);
#endif /* PRINTPKT_SUPPORT */

/* List of digest types that we know about */
static const struct chap_digest_type *const chap_digests[] =
{
    &md5_digest,
#if MSCHAP_SUPPORT
    &chapms_digest,
    &chapms2_digest,
#endif /* MSCHAP_SUPPORT */
    NULL
};

/*
 * chap_init - reset to initial state.
 */
static void chap_init(ppp_pcb *pcb)
{
    LWIP_UNUSED_ARG(pcb);

#if 0 /* Not necessary, everything is cleared in ppp_new() */
    memset(&pcb->chap_client, 0, sizeof(chap_client_state));
#if PPP_SERVER
    memset(&pcb->chap_server, 0, sizeof(chap_server_state));
#endif /* PPP_SERVER */
#endif /* 0 */
}

/*
 * chap_lowerup - we can start doing stuff now.
 */
static void chap_lowerup(ppp_pcb *pcb)
{

    pcb->chap_client.flags |= LOWERUP;
#if PPP_SERVER
    pcb->chap_server.flags |= LOWERUP;
    if (pcb->chap_server.flags & AUTH_STARTED)
        chap_timeout(pcb);
#endif /* PPP_SERVER */
}

static void chap_lowerdown(ppp_pcb *pcb)
{

    pcb->chap_client.flags = 0;
#if PPP_SERVER
    if (pcb->chap_server.flags & TIMEOUT_PENDING)
        UNTIMEOUT(chap_timeout, pcb);
    pcb->chap_server.flags = 0;
#endif /* PPP_SERVER */
}

#if PPP_SERVER
/*
 * chap_auth_peer - Start authenticating the peer.
 * If the lower layer is already up, we start sending challenges,
 * otherwise we wait for the lower layer to come up.
 */
void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code)
{
    const struct chap_digest_type *dp;
    int i;

    if (pcb->chap_server.flags & AUTH_STARTED)
    {
        ppp_error("CHAP: peer authentication already started!");
        return;
    }
    for (i = 0; (dp = chap_digests[i]) != NULL; ++i)
        if (dp->code == digest_code)
            break;
    if (dp == NULL)
        ppp_fatal("CHAP digest 0x%x requested but not available",
                  digest_code);

    pcb->chap_server.digest = dp;
    pcb->chap_server.name = our_name;
    /* Start with a random ID value */
    pcb->chap_server.id = magic();
    pcb->chap_server.flags |= AUTH_STARTED;
    if (pcb->chap_server.flags & LOWERUP)
        chap_timeout(pcb);
}
#endif /* PPP_SERVER */

/*
 * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
 * There isn't much to do until we receive a challenge.
 */
void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code)
{
    const struct chap_digest_type *dp;
    int i;

    if(NULL == our_name)
        return;

    if (pcb->chap_client.flags & AUTH_STARTED)
    {
        ppp_error("CHAP: authentication with peer already started!");
        return;
    }
    for (i = 0; (dp = chap_digests[i]) != NULL; ++i)
        if (dp->code == digest_code)
            break;

    if (dp == NULL)
        ppp_fatal("CHAP digest 0x%x requested but not available",
                  digest_code);

    pcb->chap_client.digest = dp;
    pcb->chap_client.name = our_name;
    pcb->chap_client.flags |= AUTH_STARTED;
}

#if PPP_SERVER
/*
 * chap_timeout - It's time to send another challenge to the peer.
 * This could be either a retransmission of a previous challenge,
 * or a new challenge to start re-authentication.
 */
static void chap_timeout(void *arg)
{
    ppp_pcb *pcb = (ppp_pcb *)arg;
    struct pbuf *p;

    pcb->chap_server.flags &= ~TIMEOUT_PENDING;
    if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0)
    {
        pcb->chap_server.challenge_xmits = 0;
        chap_generate_challenge(pcb);
        pcb->chap_server.flags |= CHALLENGE_VALID;
    }
    else if (pcb->chap_server.challenge_xmits >= pcb->settings.chap_max_transmits)
    {
        pcb->chap_server.flags &= ~CHALLENGE_VALID;
        pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED;
        auth_peer_fail(pcb, PPP_CHAP);
        return;
    }

    p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->chap_server.challenge_pktlen), PPP_CTRL_PBUF_TYPE);
    if(NULL == p)
        return;
    if(p->tot_len != p->len)
    {
        pbuf_free(p);
        return;
    }
    MEMCPY(p->payload, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen);
    ppp_write(pcb, p);
    ++pcb->chap_server.challenge_xmits;
    pcb->chap_server.flags |= TIMEOUT_PENDING;
    TIMEOUT(chap_timeout, arg, pcb->settings.chap_timeout_time);
}

/*
 * chap_generate_challenge - generate a challenge string and format
 * the challenge packet in pcb->chap_server.challenge_pkt.
 */
static void chap_generate_challenge(ppp_pcb *pcb)
{
    int clen = 1, nlen, len;
    unsigned char *p;

    p = pcb->chap_server.challenge;
    MAKEHEADER(p, PPP_CHAP);
    p += CHAP_HDRLEN;
    pcb->chap_server.digest->generate_challenge(pcb, p);
    clen = *p;
    nlen = strlen(pcb->chap_server.name);
    memcpy(p + 1 + clen, pcb->chap_server.name, nlen);

    len = CHAP_HDRLEN + 1 + clen + nlen;
    pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len;

    p = pcb->chap_server.challenge + PPP_HDRLEN;
    p[0] = CHAP_CHALLENGE;
    p[1] = ++pcb->chap_server.id;
    p[2] = len >> 8;
    p[3] = len;
}

/*
 * chap_handle_response - check the response to our challenge.
 */
static void  chap_handle_response(ppp_pcb *pcb, int id,
                                  unsigned char *pkt, int len)
{
    int response_len, ok, mlen;
    const unsigned char *response;
    unsigned char *outp;
    struct pbuf *p;
    const char *name = NULL;	/* initialized to shut gcc up */
#if 0 /* UNUSED */
    int (*verifier)(const char *, const char *, int, const struct chap_digest_type *,
                    const unsigned char *, const unsigned char *, char *, int);
#endif /* UNUSED */
    char rname[MAXNAMELEN + 1];
    char message[256];

    if ((pcb->chap_server.flags & LOWERUP) == 0)
        return;
    if (id != pcb->chap_server.challenge[PPP_HDRLEN + 1] || len < 2)
        return;
    if (pcb->chap_server.flags & CHALLENGE_VALID)
    {
        response = pkt;
        GETCHAR(response_len, pkt);
        len -= response_len + 1;	/* length of name */
        name = (char *)pkt + response_len;
        if (len < 0)
            return;

        if (pcb->chap_server.flags & TIMEOUT_PENDING)
        {
            pcb->chap_server.flags &= ~TIMEOUT_PENDING;
            UNTIMEOUT(chap_timeout, pcb);
        }
#if PPP_REMOTENAME
        if (pcb->settings.explicit_remote)
        {
            name = pcb->remote_name;
        }
        else
#endif /* PPP_REMOTENAME */
        {
            /* Null terminate and clean remote name. */
            ppp_slprintf(rname, sizeof(rname), "%.*v", len, name);
            name = rname;
        }

#if 0 /* UNUSED */
        if (chap_verify_hook)
            verifier = chap_verify_hook;
        else
            verifier = chap_verify_response;
        ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
                         pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
                         response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
#endif /* UNUSED */
        ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest,
                                  pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
                                  response, message, sizeof(message));
#if 0 /* UNUSED */
        if (!ok || !auth_number())
        {
#endif /* UNUSED */
            if (!ok)
            {
                pcb->chap_server.flags |= AUTH_FAILED;
                ppp_warn("Peer %q failed CHAP authentication", name);
            }
        }
        else if ((pcb->chap_server.flags & AUTH_DONE) == 0)
            return;

        /* send the response */
        mlen = strlen(message);
        len = CHAP_HDRLEN + mlen;
        p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + len), PPP_CTRL_PBUF_TYPE);
        if(NULL == p)
            return;
        if(p->tot_len != p->len)
        {
            pbuf_free(p);
            return;
        }

        outp = (unsigned char *)p->payload;
        MAKEHEADER(outp, PPP_CHAP);

        outp[0] = (pcb->chap_server.flags & AUTH_FAILED) ? CHAP_FAILURE : CHAP_SUCCESS;
        outp[1] = id;
        outp[2] = len >> 8;
        outp[3] = len;
        if (mlen > 0)
            memcpy(outp + CHAP_HDRLEN, message, mlen);
        ppp_write(pcb, p);

        if (pcb->chap_server.flags & CHALLENGE_VALID)
        {
            pcb->chap_server.flags &= ~CHALLENGE_VALID;
            if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED))
            {

#if 0 /* UNUSED */
                /*
                 * Auth is OK, so now we need to check session restrictions
                 * to ensure everything is OK, but only if we used a
                 * plugin, and only if we're configured to check.  This
                 * allows us to do PAM checks on PPP servers that
                 * authenticate against ActiveDirectory, and use AD for
                 * account info (like when using Winbind integrated with
                 * PAM).
                 */
                if (session_mgmt &&
                        session_check(name, NULL, devnam, NULL) == 0)
                {
                    pcb->chap_server.flags |= AUTH_FAILED;
                    ppp_warn("Peer %q failed CHAP Session verification", name);
                }
#endif /* UNUSED */

            }
            if (pcb->chap_server.flags & AUTH_FAILED)
            {
                auth_peer_fail(pcb, PPP_CHAP);
            }
            else
            {
                if ((pcb->chap_server.flags & AUTH_DONE) == 0)
                    auth_peer_success(pcb, PPP_CHAP,
                                      pcb->chap_server.digest->code,
                                      name, strlen(name));
                if (pcb->settings.chap_rechallenge_time)
                {
                    pcb->chap_server.flags |= TIMEOUT_PENDING;
                    TIMEOUT(chap_timeout, pcb,
                            pcb->settings.chap_rechallenge_time);
                }
            }
            pcb->chap_server.flags |= AUTH_DONE;
        }
    }

    /*
     * chap_verify_response - check whether the peer's response matches
     * what we think it should be.  Returns 1 if it does (authentication
     * succeeded), or 0 if it doesn't.
     */
    static int chap_verify_response(ppp_pcb * pcb, const char *name, const char *ourname, int id,
                                    const struct chap_digest_type * digest,
                                    const unsigned char *challenge, const unsigned char *response,
                                    char *message, int message_space)
    {
        int ok;
        unsigned char secret[MAXSECRETLEN];
        int secret_len;

        /* Get the secret that the peer is supposed to know */
        if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1))
        {
            ppp_error("No CHAP secret found for authenticating %q", name);
            return 0;
        }
        ok = digest->verify_response(pcb, id, name, secret, secret_len, challenge,
                                     response, message, message_space);
        memset(secret, 0, sizeof(secret));

        return ok;
    }
#endif /* PPP_SERVER */

    /*
     * chap_respond - Generate and send a response to a challenge.
     */
    static void chap_respond(ppp_pcb * pcb, int id,
                             unsigned char *pkt, int len)
    {
        int clen, nlen;
        int secret_len;
        struct pbuf *p;
        u_char *outp;
        char rname[MAXNAMELEN + 1];
        char secret[MAXSECRETLEN + 1];

        p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PPP_CTRL_PBUF_TYPE);
        if(NULL == p)
            return;
        if(p->tot_len != p->len)
        {
            pbuf_free(p);
            return;
        }

        if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
            return;		/* not ready */
        if (len < 2 || len < pkt[0] + 1)
            return;		/* too short */
        clen = pkt[0];
        nlen = len - (clen + 1);

        /* Null terminate and clean remote name. */
        ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);

#if PPP_REMOTENAME
        /* Microsoft doesn't send their name back in the PPP packet */
        if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0))
            strlcpy(rname, pcb->settings.remote_name, sizeof(rname));
#endif /* PPP_REMOTENAME */

        /* get secret for authenticating ourselves with the specified host */
        if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0))
        {
            secret_len = 0;	/* assume null secret if can't find one */
            ppp_warn("No CHAP secret found for authenticating us to %q", rname);
        }

        outp = (u_char *)p->payload;
        MAKEHEADER(outp, PPP_CHAP);
        outp += CHAP_HDRLEN;

        pcb->chap_client.digest->make_response(pcb, outp, id, pcb->chap_client.name, pkt,
                                               secret, secret_len, pcb->chap_client.priv);
        memset(secret, 0, secret_len);

        clen = *outp;
        nlen = strlen(pcb->chap_client.name);
        memcpy(outp + clen + 1, pcb->chap_client.name, nlen);

        outp = (u_char *)p->payload + PPP_HDRLEN;
        len = CHAP_HDRLEN + clen + 1 + nlen;
        outp[0] = CHAP_RESPONSE;
        outp[1] = id;
        outp[2] = len >> 8;
        outp[3] = len;

        pbuf_realloc(p, PPP_HDRLEN + len);
        ppp_write(pcb, p);
    }

    static void chap_handle_status(ppp_pcb * pcb, int code, int id,
                                   unsigned char *pkt, int len)
    {
        const char *msg = NULL;
        LWIP_UNUSED_ARG(id);

        if ((pcb->chap_client.flags & (AUTH_DONE | AUTH_STARTED | LOWERUP))
                != (AUTH_STARTED | LOWERUP))
            return;
        pcb->chap_client.flags |= AUTH_DONE;

        if (code == CHAP_SUCCESS)
        {
            /* used for MS-CHAP v2 mutual auth, yuck */
            if (pcb->chap_client.digest->check_success != NULL)
            {
                if (!(*pcb->chap_client.digest->check_success)(pcb, pkt, len, pcb->chap_client.priv))
                    code = CHAP_FAILURE;
            }
            else
                msg = "CHAP authentication succeeded";
        }
        else
        {
            if (pcb->chap_client.digest->handle_failure != NULL)
                (*pcb->chap_client.digest->handle_failure)(pcb, pkt, len);
            else
                msg = "CHAP authentication failed";
        }
        if (msg)
        {
            if (len > 0)
                ppp_info("%s: %.*v", msg, len, pkt);
            else
                ppp_info("%s", msg);
        }
        if (code == CHAP_SUCCESS)
            auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code);
        else
        {
            pcb->chap_client.flags |= AUTH_FAILED;
            ppp_error("CHAP authentication failed");
            auth_withpeer_fail(pcb, PPP_CHAP);
        }
    }

    static void chap_input(ppp_pcb * pcb, unsigned char *pkt, int pktlen)
    {
        unsigned char code, id;
        int len;

        if (pktlen < CHAP_HDRLEN)
            return;
        GETCHAR(code, pkt);
        GETCHAR(id, pkt);
        GETSHORT(len, pkt);
        if (len < CHAP_HDRLEN || len > pktlen)
            return;
        len -= CHAP_HDRLEN;

        switch (code)
        {
        case CHAP_CHALLENGE:
            chap_respond(pcb, id, pkt, len);
            break;
#if PPP_SERVER
        case CHAP_RESPONSE:
            chap_handle_response(pcb, id, pkt, len);
            break;
#endif /* PPP_SERVER */
        case CHAP_FAILURE:
        case CHAP_SUCCESS:
            chap_handle_status(pcb, code, id, pkt, len);
            break;
        default:
            break;
        }
    }

    static void chap_protrej(ppp_pcb * pcb)
    {

#if PPP_SERVER
        if (pcb->chap_server.flags & TIMEOUT_PENDING)
        {
            pcb->chap_server.flags &= ~TIMEOUT_PENDING;
            UNTIMEOUT(chap_timeout, pcb);
        }
        if (pcb->chap_server.flags & AUTH_STARTED)
        {
            pcb->chap_server.flags = 0;
            auth_peer_fail(pcb, PPP_CHAP);
        }
#endif /* PPP_SERVER */
        if ((pcb->chap_client.flags & (AUTH_STARTED | AUTH_DONE)) == AUTH_STARTED)
        {
            pcb->chap_client.flags &= ~AUTH_STARTED;
            ppp_error("CHAP authentication failed due to protocol-reject");
            auth_withpeer_fail(pcb, PPP_CHAP);
        }
    }

#if PRINTPKT_SUPPORT
    /*
     * chap_print_pkt - print the contents of a CHAP packet.
     */
    static const char *const chap_code_names[] =
    {
        "Challenge", "Response", "Success", "Failure"
    };

    static int chap_print_pkt(const unsigned char *p, int plen,
                              void (*printer) (void *, const char *, ...), void *arg)
    {
        int code, id, len;
        int clen, nlen;
        unsigned char x;

        if (plen < CHAP_HDRLEN)
            return 0;
        GETCHAR(code, p);
        GETCHAR(id, p);
        GETSHORT(len, p);
        if (len < CHAP_HDRLEN || len > plen)
            return 0;

        if (code >= 1 && code <= (int)LWIP_ARRAYSIZE(chap_code_names))
            printer(arg, " %s", chap_code_names[code - 1]);
        else
            printer(arg, " code=0x%x", code);
        printer(arg, " id=0x%x", id);
        len -= CHAP_HDRLEN;
        switch (code)
        {
        case CHAP_CHALLENGE:
        case CHAP_RESPONSE:
            if (len < 1)
                break;
            clen = p[0];
            if (len < clen + 1)
                break;
            ++p;
            nlen = len - clen - 1;
            printer(arg, " <");
            for (; clen > 0; --clen)
            {
                GETCHAR(x, p);
                printer(arg, "%.2x", x);
            }
            printer(arg, ">, name = ");
            ppp_print_string(p, nlen, printer, arg);
            break;
        case CHAP_FAILURE:
        case CHAP_SUCCESS:
            printer(arg, " ");
            ppp_print_string(p, len, printer, arg);
            break;
        default:
            for (clen = len; clen > 0; --clen)
            {
                GETCHAR(x, p);
                printer(arg, " %.2x", x);
            }
            /* no break */
        }

        return len + CHAP_HDRLEN;
    }
#endif /* PRINTPKT_SUPPORT */

    const struct protent chap_protent =
    {
        PPP_CHAP,
        chap_init,
        chap_input,
        chap_protrej,
        chap_lowerup,
        chap_lowerdown,
        NULL,		/* open */
        NULL,		/* close */
#if PRINTPKT_SUPPORT
        chap_print_pkt,
#endif /* PRINTPKT_SUPPORT */
#if PPP_DATAINPUT
        NULL,		/* datainput */
#endif /* PPP_DATAINPUT */
#if PRINTPKT_SUPPORT
        "CHAP",		/* name */
        NULL,		/* data_name */
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
        chap_option_list,
        NULL,		/* check_options */
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
        NULL,
        NULL
#endif /* DEMAND_SUPPORT */
    };

#endif /* PPP_SUPPORT && CHAP_SUPPORT */
